• OS X Security Update Fixes RSS Vulnerability.

    Apple has seeded Security Update 2009-001 via the Software Update utility. Among the many things updated, this security update patches the Safari RSS vulnerability that we covered back in January.
    Safari RSS

    CVE-ID: CVE-2009-0137

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6

    Impact: Accessing a maliciously crafted feed: URL may lead to arbitrary code execution

    Description: Multiple input validation issues exist in Safari's handling of feed: URLs. The issues allow execution of arbitrary JavaScript in the local security zone. This update addresses the issues through improved handling of embedded JavaScript within feed: URLs. Credit to Clint Ruoho of Laconic Security, Billy Rios of Microsoft, and Brian Mastenbrook for reporting these issues.
    To read the full details of this security update, please visit the Apple info page.

    Other updates released at the same time include Safari 3.2.2, which patches the same RSS vulnerability as in Safari on OS X, and a Java update that improves the security and compatibility of Java on Mac OS X.